Denial Of Service (DoS)

org.mvel: mvel2 is vulnerable to Denial Of Service DoS. The vulnerability is due to the ParseTools.subCompileExpression method which times or executes for an indefinite time when parsing a crafted MVFLEX Expression MVEL. A malicious user can craft an MVEL expression and pass to the...

mvel2 TimeOut error exists in the ParseTools.subCompileExpression method

A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final...

GHSA-H63J-XQX6-W58R mvel2 TimeOut error exists in the ParseTools.subCompileExpression method

A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final...

CVE-2023-51079

CVE-2023-51079 is a DoS vulnerability in MVEL’s ParseTools.subCompileExpression() causing timeout under crafted requests. IBM’s bulletin ties this to IBM Business Automation Manager Open Editions (BAMOE) 9.0.0–9.1.1, recommending BAMOE 9.2.0 as the fix. Red Hat advisory for Apache Camel build als...

PT-2023-31756 · Mvel2 · Mvel2

Name of the Vulnerable Software and Affected Versions: mvel2 version 2.5.0 Final Description: A TimeOut error exists in the ParseTools.subCompileExpression method due to many Java class lookups, potentially causing a long execution time. The vendor disputes the significance of this issue, stating...

Apache Unomi Remote Code Execution(CVE-2020-13942)

A remote code execution vulnerability exists in the Apache Unomi project. The vulnerability is due to insufficient validation of OGNL and MVEL2. Successful exploitation of this vulnerability could result in execution of arbitrary code...